toggle

AAPL Stock: 100.97 ( + 0.08 )

Printed from http://www.macnn.com

Russian team cracks iOS 4 encryption

updated 12:05 pm EDT, Tue May 24, 2011

Initial threat may be limited

A group of Russian forensic experts, ElcomSoft, has successfully cracked both the hardware and firmware backup encryption for iOS devices, reports say. Partly to increase appeal to corporate buyers, Apple began introducing hardware encryption with the iPhone 3GS, later improving the system with iOS 4. The firmware lets people assign a passcode for the hardware encryption keys, making it even more difficult for an attacker to see data.

ElcomSoft's invention is Phone Password Breaker, which is GPU-accelerated and can decipher both iOS and BlackBerry backups. The catch with iOS backups is that in order to crack protected files, a person must have access to the associated device. Needed encryption keys are kept in hardware and not shared, says Elcom's Vladimir Katalov.

Keys must be generated from a combination of hardware UDID, passcode, escrow pairing records and effaceable storage. No special effort is needed, however, if a target chooses not to encrypt backups in iTunes. Leaving backups exposed can potentially allow access to sensitive information such as contacts and logins.




by MacNN Staff

toggle

Comments

  1. panjandrum

    Joined: Dec 1969

    +2

    Shockwave Rider...

    Anyone interested in what the world might look like when all data is digital and when that data can no longer be protected in any way should read John Brunner's excellent work "The Shockwave Rider". (This is the book in which the term "worm" is coined to describe a certain type of software). One of the most interesting books from a varied and creative author.

  1. prl99

    Joined: Dec 1969

    0

    Do we trust the Russians yet?

    "The availability of this toolkit is restricted to select government entries such as law enforcement and forensic organizations and intelligence agencies."

    I presume this means any country's law enforcement or intelligence agency. I am serious about whether we trust the Russians. We allow almost all of our computers to be built in the largest communist country in the world. I'm sure there's still spying going on between the US and Russia but this happens between most countries as well as inside the US!

    This product is a forensics tool, not something for a hacker. I wonder how easy it was to break the encryption algorithm, especially since Apple has this hardware/software going through NIST FIPS 140-2 certification. oops!!

  1. msuper69

    Joined: Dec 1969

    -9

    "group of Russian forensic experts"

    "group of Russian criminals"

  1. stainboy

    Joined: Dec 1969

    +1

    quite the brain team there

    these are the same people who sell software that can crack most PDF passwords.

  1. prl99

    Joined: Dec 1969

    +3

    not alone msuper69

    Who do you think own's Kaspersky Labs and their anti-virus software that's on TV ads? http://usa.kaspersky.com/ Before you call them criminals, what do you think the CIA, NSA, and all the other three-letter agencies do? I'm sure the Russians have the same lack of respect for Americans that you obviously have.

    Forensics is a huge emerging market in the US. All you have to do is watch NCIS and understand what they are doing is not science fiction. The amount of time they take to break encryption is suspect but even they say there is some encryption they can't break. Corporations are hiring these people and buying this software to protect against theft of corporate secrets. This is big business. The fact ElcomSoft was able to break iOS and Blackberry means others will as well. How soon the hackers get the software is anyone's guess.

    The question is whether we can work together with companies from countries many of us don't trust to secure all of our data or face the obvious alternative of never being able to protect any of our data.

  1. mytdave

    Joined: Dec 1969

    +2

    not cracking

    It is not cracking the encryption when you have to have the iPhone present to extract the encryption keys from the device to unlock the encrypted backup. What is the point of this exercise exactly?

    Oh, and since when was it considered important to encrypt iPhone backups in iTunes? Hmm, a lot of good that does when the exact information you're "protecting" from the iPhone is synced with, oh, say, Address Book! Security conscious folks should be running FileVault on their computers in the first place (or their favorite disk encryption program).

    Someone wake me up when there's a real security issue with iOS.

  1. Arne_Saknussemm

    Joined: Dec 1969

    -6

    iCloud cracking?

    wonder how long it will take the hackers to get acces to the iCloud...

  1. testudo

    Joined: Dec 1969

    0

    Re: not cracking

    It is not cracking the encryption when you have to have the iPhone present to extract the encryption keys from the device to unlock the encrypted backup. What is the point of this exercise exactly?

    To be able to access the information on an iPhone that is encrypted. What would you consider to be a 'crack'? Only if someone is able to access every bit of info from an iPhone without any access to it? Why bother? It's far easier to steal the phone.

    Oh, and since when was it considered important to encrypt iPhone backups in iTunes? Hmm, a lot of good that does when the exact information you're "protecting" from the iPhone is synced with, oh, say, Address Book! Security conscious folks should be running FileVault on their computers in the first place (or their favorite disk encryption program).

    Apparently someone needs to realize that (a) not all iPhone users use macs, (b) not all iPhone users sync to their local computers, and (c) not all data syncs to other sources.

    Someone wake me up when there's a real security issue with iOS.

    Why bother. I'm sure you'll explain any sort of thing away. You know, like the hack into iOS 4.0 that allowed a malicious web site to install a root kit onto your iPhone. All without your permission. Oh, right, that didn't count because the web site in question actually asked you before installing it (because they were being nice).

  1. facebook_Clarence

    Via Facebook

    Joined: May 2011

    -7

    iPhone

    Oops! Apple let the encryption keys out again. Now the Soviets have full access to your iOS and can initiate the battery meltdown sequence.

    Get a Droid instead. Removable battery = easy way to beat the Soviet attack.

    - Droid does what iPhon't

  1. thnikkaman

    Joined: Dec 1969

    +3

    Clarence

    Just stop already. You're rude, insensitive, and seem to exist solely to anger people that come to this site. You and your aliases are really getting out of hand. No one cares what your Droid does.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Pure Jongo T2 wireless speaker

Multi-room audio compatibility is a key metric for wireless sound systems these days. The entry cost into a house-spanning system can ...

toggle

Most Commented